

The Most Disregarded Question in the Recent NPM Supply Chain Attack That Developers Need Answers For
The recent NPM supply chain attacks affecting over 2 billion weekly downloads have prompted extensive security analysis across the...
Sep 17 · 4 min read


Protecting Against Domain Impersonation: The npmjs.help Breach That Should Never Have Happened
Not to be that person, but... We've been shouting this from the rooftops for ages 📢 The recent npmjs.help breach has everyone doing...
Sep 10 · 2 min read


Defending Against FIN8: Validate Your Ransomware Defenses with Targeted Attack Scenarios
Known for their targeted ransomware campaigns and advanced persistence techniques, FIN8 has caused significant damage across multiple...
Sep 3 · 6 min read


Part III: CVE-2025-53773 - Visual Studio & Copilot – Wormable Command Execution via Prompt Injection
In the previous articles, we've discussed the theoretical and practical foundations of prompt injection attacks. In this concluding part,...
Aug 13 · 4 min read


Part II: Wormable Prompt Injections – Self-Replicating Exploits in AI
In the second part of this series we’re going to explore how as yet underrated aspects of prompt injections have the potential to make them...
Aug 5 · 5 min read


Part I: Prompt Injection – Exploiting LLM Instruction Confusion
Prompt injection represents a fundamental flaw in modern Large Language Models (LLMs), rooted in their inability to reliably distinguish...
Jul 31 · 3 min read


When Real Attackers Meet Real Defenders: Inside Our Cybersecurity Documentary
What happens when you put real attackers against real defenders in a high-stakes environment? That's exactly what we explored in our...
Jul 16 · 3 min read


🚀 V1.73 is out!
We hear you! And we want to be more transparent about what we’re building. That’s why we’ve been working on these new updates. From...
Jul 14 · 1 min read


Elevating privileges with a single command: exploiting CVE-2025-32463
Persistence is in our name, and gaining persistent root access is often the crown jewel of any attack chain. Today, we're diving deep...
Jul 3 · 5 min read


Simulating Data Exfiltration with Nemesis
In today's threat landscape, cybersecurity teams face a critical challenge: preventing sensitive data from leaving their networks through...
May 15 · 5 min read


NotPetya: A Watershed Moment in Cyber Warfare & How Nemesis BAS Can Prepare You
After analyzing the 2017 NotPetya attack - arguably history's most devastating cyber offensive with over $10 billion in damages - we're...
Apr 22 · 2 min read


Ransomware Defense Validation (RDV) Solution
What if you could test your protection against Ransomware attacks and get actionable results today? Well you can with the Nemesis...
Apr 16 · 2 min read


Nemesis Now Speaks MCP – Ushering In the Age of AI-Driven Security Validation
We're thrilled to share that Nemesis, our breach-and-attack simulation (BAS) platform, is now fully integrated with the Model Context...
Apr 7 · 2 min read


Using YARA For Adversary Simulation
In today’s evolving threat landscape, ensuring that your security controls are both robust and responsive is paramount. At Persistent...
Mar 21 · 4 min read


Automated Penetration Testing vs. Breach & Attack Simulation: A Side-by-Side Comparison
In cybersecurity, understanding your weaknesses before attackers do is crucial. Organizations rely on various tools to assess and...
Feb 26 · 2 min read


Which Cyber Defenses Actually Work in 2025
Many companies mistakenly interpret the absence of cybersecurity incidents as evidence that their defenses are robust. However, this...
Feb 26 · 4 min read


Think You’re Ready for DORA? Think Again!
As the January 17, 2025 deadline for the Digital Operational Resilience Act (DORA) has passed, financial institutions across the EU are...
Jan 22 · 4 min read


Navigating DORA Compliance for Insurance Firms: An Introduction
The Digital Operational Resilience Act (DORA) represents a turning point in Europe’s approach to digital operational security, and its...
Nov 6, 2024 · 3 min read


Digital Operational Resilience Act Series: Article 26 and 27 - Pen testing and Red Teaming
The final tranche of Regulatory Technical Standards (RTS) for the Digital Operational Resilience Act (DORA) have been published last...
Aug 2, 2024 · 2 min read


Digital Operational Resilience Act Series: Regulator Reactions and Information so far.
With the final set of Regulatory Technical Standards (RTS’s) being released on July 17th, 2024, there has not been an overly prescriptive...
Jul 10, 2024 · 2 min read
Blog
News & Resources